-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sat, Oct 22, 2016 at 10:50:53PM -0700, Trioxin wrote:
> As a developer, I see Qubes as an amazing opportunity to develop and test
> my software on multiple operating systems from a central secure location. I
> develop marketing software, games, and machine learning algorithms. For a
> lot of that, I need to utilize my GPU (A Titan X Pascal). I haven't
> installed Qubes yet but I was doing research and all I could find was a
> thread here that started in 2014 and had one post from 2015.
>
> As a user, I must say that if my OS can't utilize my GPU in my OS, it's not
> an OS I can use for day to day operations. I read about the security
> concerns and it's no more a concern that any other device you plug into
> your computer. The GPU isn't some gaping security hole. Today's
> motherboards and various other components have firmware scattered about
> your system. The GPU is no more insecure than them and it's a critical
> component of any computer.
The GPU _is_ somehow special - not only because of its complexity, but
mostly because of the data it handle. If someone control the GPU, he/she
control what you see on the screen and can capture it (break privacy),
or replace it (break integrity). Of course in theory you could expose
only "subset" of GPU to particular VM (for example allow access only to
some predefined surface), but in practice (because of its complexity) it
is hard to do securely. There is XenGT project from Intel which tries to do
something like this, but it isn't fully functional yet.
The above mostly applies to shared GPU. If you have separate GPU and
want to assign it to just one selected VM, it should be possible in
theory right now. In practice - you've found already how it works...
This should be doable, but it isn't our top priority right now - we have
a lot of higher priority tasks...
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYKPGoAAoJENuP0xzK19csPi0H+wZtTpKaQvewkcsPOm6Sluy4
60Pl9J2HRWISHJ9sI+EFQWSX1wxNW4rW4miryZwJgVHI++vyd8c234EbWtIm0DKc
JsF8qXgi1mGkNEObyFjdAF0c7CVRwPuxapv13WVZ2MuWnJ0YVZn15ev4dV4IgdrF
FTkkuQcYj2i8kwqmRO4QYQqx4WDS/hwbXGdwVG+Klu6ICNW/Ieoq2DqMnhBT/Qk9
SfNnnuU+l/P3Hh6YZf2uJfqZKb2IN7kQIAofHAcQ5sRbc5DVOkovrooJangVQWiP
uDLFlsBw3kP61Cuhed4vgQtKOCI9LVKMbozneYPo90lWX2drNao1Wg69NFFMzHw=
=J2NS
-----END PGP SIGNATURE-----